
"Privacy seppuku" is the decision by privacy-oriented projects to voluntarily shut down, rather than be coerced into collaboration with the surveillance regime and concomitant betrayal of customer trust. The 'seppuku pledge' is a public pre-commitment to the principles of privacy seppuku, This is a place to review & discuss...

In the wake of the Lavabit closure, what kind of guarantee would we, as potential customers of cryptostorm, have that cryptostorm would not shut down for similar reasons as Lavabit?

Lavabit owner: "I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States." [https://lavabit.com/]

Grigore wrote: In the wake of the Lavabit closure, what kind of guarantee would we, as potential customers of cryptostorm, have that cryptostorm would not shut down for similar reasons as Lavabit? Lavabit owner: "I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States." [https://lavabit.com/]

Your question is excellent, and timely.

We have a thread here - linked to directly, via http://seppuku.cryptostorm.org - that details our commitment in this regard, which we have had since 2008. It is, ironically, something that has always been ignored by folks... both by most customers (we assume, since we haven't been asked about it more than a handful of times, in six years' span), and the larger community as well. That's ok, it's something we feel strongly about and we've just continued to remind folks that it's important, and that someday people will realize that it matters a great deal.

Now we need to flesh out some of the details of that, so that folks can understand more fully what we mean. That includes, as you say, addressing the question of what happens if we're ever in a position where we must follow through with it. That kind of thing has been on our "to-do list" for years, really. Now it's at the top.

We'll add data to the existing thread, and likely make a new thread that's more customer-specific in terms of the mechanics of how it all works; we'll make sure pointers to those resources are placed directly in this thread, as well.

I think the important question here is what are your "Chinese manufacture" style equivalent policies. By this I mean the tried and tested Chinese act of closing today and opening tomorrow debt free two doors down the street. Is there a mechanism to enable subscribers to still retain value, accepting that no one really cares what the company is called (sorry) as long as the service persists in some form?

I am thinking of a shelf company in some weird haven with a copy of the mailing list, because the act of seppuku, while admirable, can very shortly leave no one standing.

xvart wrote: I think the important question here is what are your "Chinese manufacture" style equivalent policies. By this I mean the tried and tested Chinese act of closing today and opening tomorrow debt free two doors down the street. Is there a mechanism to enable subscribers to still retain value, accepting that no one really cares what the company is called (sorry) as long as the service persists in some form?

The question you ask is structurally one of integrity: if a "company" vanishes and a new one sets up down the street, do old customers have confidence that the new company will honour their relationship? This of course matters quite a bit in a service that's prepaid - like cryptostorm.

And like all questions of integrity, it's one that is fundamentally answered by action and not by words. Either a team demonstrates this integrity in practice, or it doesn't. Integrity - like respect - is a category that's earned, not "given."

During the cryptostorm migration, all former Cryptocloud customers are receiving full credit for their former status - no questions asked. This is not a trivial decision, on financial terms - but it is self-evidently the right one, and having participated in that decision with the team I can say that it was an easy decision to make.

From a sociocultural perspective, we're seeing in this a manifestation of the larger breakdown of the rule of law in our world. In a world governed truly and predictably by civil law - law applied to everyone, equally, irrespective of power or wealth or political status - it is the law that ensures things like a project team respecting the financial interests of its customers: if the team fucked its customers (excuse my language, but it's apt), then they'd have legal recourse - which disincentivizes this kind of behaviour.

But of course in many countries - particularly the U.S. and even places like Canada - this is a quaint fairytale. If a team took advantage of... oooh, let's say a U.S. Senator, then they'd all end up being prosecuted and facing decades in jail. But if... oooh, let's say a Senator was the owner of a company that did this, any effort at seeking redress in civil court would be all but laughable.

That's how things work, when the law is no longer the basis of social trust.

And in that kind of context, things boil down pretty quickly to a question of trust - which is to say integrity. We come to trust certain actual people, based on their demonstrated integrity (or some other relationship), and we end up avoiding entanglements with people we don't trust - since there's no way we can enforce contracts on them, in practical terms. There's good and bad in that. Irrespective of good or bad, this is our world today... and privacy seppuku is part and parcel of that world. The two go hand in glove.

On a personal level, I'd say that this kind of thing is the wet dream - intentional or not - of Ayn Rand groupies and doctrinaire libertarians. No government, no rule of law, nobody to enforce contracts outside of private parties themselves. Yay - isn't this great? Those with power can now exercise it with few constraints, and those without get fucked - no recourse to law for those without.

In any case, in this post-Snowden/post-law world in which we all now live, we need to use the tools that are suitable for this form of social structure. Those aren't the same tools suitable for a different kind of world... but we don't live in that different kind of world any longer.